Homeland Security offers free e-mails with cyber warnings

TED BRIDISAP Technology Writer

Published Thursday, January 29, 2004

WASHINGTON -- The U.S. government's ambitious new cyber alert system transmitted its first Internet warning on its opening day of business Wednesday, cautioning computer users about a fast-spreading infection that causes victims to launch an electronic attack against Microsoft Corp.

The Homeland Security Department said the Web site where Americans can sign up for the free cyber alerts and computer advice, www.us-cert.gov, received more than 1 million visitors Wednesday, up from a few thousand visitors one day earlier.

The new National Cyber Alert System will send urgent e-mails about major virus outbreaks and other Internet attacks as they occur, along with detailed instructions to help computer users protect themselves.

The program, announced Wednesday, represents the government's effort to develop a trusted warning system that can help home users and technology experts. The announcement comes 11 months after such an alert system was described in the National Strategy to Secure Cyberspace, a series of proposals endorsed by the Bush administration and the technology industry to improve online security.

The government christened the new warning system by transmitting its first alert, about a newly discovered version of a fast-spreading virus known as "Mydoom" or "Novarg."

The cleverly designed virus, spread by e-mail, poses as an authentic error message and entices users to click on it to infect their computers. Infected machines were programmed ultimately to launch an automated attack against Microsoft's Web site.

"There is a clear need for this kind of system to be developed," said Amit Yoran, the Bush administration's cyber security chief. "Receiving information from the Department of Homeland Security gives people a certain level of confidence."

The alerts will function independently from the Homeland Security Department's well known color-coded system, which reflects the national threat level.

Sen. Charles Schumer, D-N.Y., quickly criticized the alert system, describing it as inadequate because it doesn't require companies that suffer major virus outbreaks to notify the government. He also predicted that hackers will mimic the e-mail alerts transmitted by Homeland Security to trick computer users. "I would bet money that will happen," Schumer said.

Yoran said alerts will be digitally signed so computer users can determine the e-mails aren't forged; each alert also will be published on the Web site for the U.S. Computer Emergency Readiness Team.

Previous government efforts to distribute warnings about Internet attacks were sharply criticized by congressional investigators, who complained in July 2002 that those earlier warnings were mostly issued after Internet attacks were long under way. They blamed the government's inability to analyze imminent Internet attacks, fears about raising false alarms and staff shortages.

Wednesday's inaugural alert came roughly five hours after researchers discovered the latest version of the virus spreading on the Internet. Yoran acknowledged the difficult balance between providing warnings quickly and making sure they're accurate.

"I'm sure we'll take some kicks in the shins," he said.

Yoran indicated the government will focus on distributing information as quickly as possible, correcting any wrong or outdated information as U.S. computer investigators learn new details. "In the absence of information, the operator community is going to rely on whatever information is out there," he said. "It's better to have our voice heard rather than letting people operate in the dark."

The new alert system also sets up potentially serious conflicts with leading software companies, including Microsoft Corp., which discourage any public disclosures about new security flaws in their products until engineers can study the problems and offer software patches for their customers.

Yoran said the government will aggressively warn consumers about vulnerabilities, in some cases revealing threats "above and beyond what specific commercial vendors may not wish to disclose."

"If the disclosure of certain information is deemed in the public interest, we'll move forward," he said.